The latest version of Kubernetes does not support Docker as a container runtime anymore. That is why many Kubernetes administrators have migrated their cluster’s container runtime from docker to another container runtime like containerd or cri-o. Or they will do that soon.
References
- https://gist.github.com/mamiu/4944e10305bc1c3af84946b33237b0e9
Old: entering a Container as root with Docker
Most containers that run on Kubernetes clusters do not run as root. But what, if you want to test a container and for that, you want to install and test some software manually before you create a new container image? With Docker that was easy. Just enter the container as root (id=0
) and do with the container, whatever you want to do:
docker exec -it --rm -u 0 <container-id> bash
Now, that the containers are no Docker containers anymore, this is not possible anymore.
New: entering a Container as root with runc
However, you can runc
to enter the container as root. Say, you want to enter a shell as root user in the container running on my-pod
on my-namespace
. First, you need to calculate the container ID. With that information you can enter the container using runc
like follows:
# INPUT POD=my-pod NAMESPACE=my-namespace # CALCULATE CONTAINER=$(kubectl -n $NAMESPACE get pod $POD -o jsonpath="{.status.containerStatuses[].containerID}" | sed 's/.*\/\///') # RUN SHELL AS ROOT sudo runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 $CONTAINER sh
That’s it! You even do not need to install runc
, since runc
is part of the installation package if you have installed containerd (and I guess, also with cri-o…).
P.S.: if you still need to migrate your Kubernetes cluster from Docker container runtime to containerd runtime, you might be interested in this blog post:
2 things here. 1) wait until you have a container ID your container must be in running state or there will be no ID yet. 2) You must run the „runc“ command on the worker node that your container is running on in case you have a K8s Cluster.
You are perfectly right! Thanks a lot for the clarification.